Perhaps Apple should educate consumers about sandboxing and then describe all apps as "sandboxed" or "not sandboxed". Those who want the safety and are willing to accept limitations can feel secure with Apple's guidance. Those willing to take a measured risk should do their homework and allow greater developer freedom.
Basically, they want all apps on the App Store to be sandboxed. And then apps acquired from outside of the App Store can be sandboxed or not sandboxed as the developer desires.
It's not like the Mac will only run App Store software.
Yeah, this inconveniences people who want to get all their apps from the App Store. On the other hand, it becomes a clear choice for those who just simply aren't technical enough to google for a solution to a tech problem.
So those who are non-techie have a safe place to get apps; those who know more can just install them the way we've been doing for the last 30 years: from wherever we find it.
----------
You can already see the effect on iOS that sandboxing has, severely restricting applications: no blacklist calling apps, no profile apps (i.e., change ring tone, Bluetooth on/off at given times or events), for example.
Applications that other platforms may take for granted just aren't available, and very useful ones too... except on Cydia.
Yes, we also don't have that impressively sneaky app that spies on your voice calls, identifies if you're speaking 16 numbers in a row and then sends the voice clip to a foreign server. (google for Soundminer)
There's upsides and downsides to security.
More freedom == less security.
More security == less freedom.
They're pretty much opposites.
----------
I don't see what Apple is so paranoid about when it comes to Mac App Store apps. As has been pointed out, Apple already approves Mac App Store submissions, so why restrict them even further, thereby making the App Store distribution model even less attractive to real developers?
The reason that they're paranoid is pretty much because as it is right now, the Mac App Store and iOS App Stores are very very different.
On iOS, yeah, it's pretty locked down.
On the Mac App Store, as the article suggests, there are barely any restrictions. And some apps depend on private APIs, access everywhere, and/or all sorts of potentially insecure stuff, so they're approved despite these exceptions. They can audit the app submissions. But given there's so much more leeway given to a Mac App Store app currently, they aren't able to provide the same sense of safety.
For the most part, people think that apps on the Mac App Store are as safe as the apps on the iOS App Store because they trust the iOS App Store and assume that because the Mac App Store is newer, it's got the same kind of assurances. They are not the same. A Mac App Store app is less safe than an iOS App Store app, despite both being reviewed.
----------
New sandboxing idea:
Allow sandboxed apps to operate as normal, but allow the developer to place as many restrictions on the app as he wishes for the sake of security, so long as it doesn't affect the app's functionality. I think that's ideal. It would really be the best of both worlds. The benefit of this is that over time Apple could add all sorts of "optional" restrictions that could increase this security even further if they should choose to use them. I think this sort of system would be something that Apple could reasonably request developers to use.
That doesn't work for two reasons:
1) A developer can't list the ways their app can be exploited because if they could, they could fix it.
2) Additionally, if additional restrictions were added later, there's no guarantee it wouldn't break the app.
Sandboxing is a whitelist as opposed to a blacklist because it's easier to list "this is what I need" than to list "these things I don't need". Because the list of "things you don't need" is basically infinite.
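The "this is what I need" whitelist the reply describes, as an added example that is not part of this thread: a macOS App Sandbox entitlements file in which each key grants one capability and anything not listed stays denied. The app name in the usage note is a hypothetical placeholder.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Opt the process into the App Sandbox. Everything below is an
         allowlist of needs; a capability not granted here is denied. -->
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <!-- Outbound connections only; the app cannot open a listening socket. -->
    <key>com.apple.security.network.client</key>
    <true/>

    <!-- Read/write only to files the user picks in an Open/Save panel or
         drags onto the app, not to the whole home directory. -->
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>

    <!-- Deliberately absent: camera, microphone, address book, calendars,
         location, server sockets. The developer never had to enumerate them;
         leaving them out of the allowlist is what denies them. -->

    <!-- The "access everywhere" shape the thread complains about would be a
         temporary exception such as the one below. It reopens the whole
         filesystem and is the kind of grant review should push back on.
    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
    <array>
        <string>/</string>
    </array>
    -->
</dict>
</plist>
```

To see what an installed app was actually granted, read its signed entitlements with `codesign -d --entitlements :- /Applications/ExampleApp.app` (ExampleApp is a placeholder).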